I'm comfortable with the ASP.NET security model whereby one can allow/deny access to users in the web.config based on what roles they are in e.g.
It's not there out of the box; but if you wanted to be more granular, why not have granular roles like "CanPrint", "CanDelete" rather than wider ones like "Admin"?
If they want a container-type scenario, as you indicate in your comments, you could set up a custom IPrincipal, where, after authentication and with each new request, you look at the user's role membership ("Admin", "Public" etc.) and then override IsInRole on your IPrincipal. You can find an example here
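
An added example, not part of the original answer: a sketch of the custom IPrincipal approach described above, where container roles such as "Admin" are expanded into granular permissions such as "CanPrint" and "CanDelete" that IsInRole then answers for. The class name `PermissionPrincipal`, the role-to-permission mapping and the sample users are hypothetical; in a web application the assumption is that an instance is assigned to `HttpContext.Current.User` on each request after authentication.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Hypothetical principal: expands container roles ("Admin", "Public") into
// granular permissions ("CanPrint", "CanDelete") and answers IsInRole for both.
public sealed class PermissionPrincipal : IPrincipal
{
    // Constructed mapping for illustration; in practice load it from a store.
    private static readonly Dictionary<string, string[]> RolePermissions =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "Admin",  new[] { "CanPrint", "CanDelete" } },
            { "Public", new[] { "CanPrint" } },
        };

    private readonly HashSet<string> _granted;
    public IIdentity Identity { get; }

    public PermissionPrincipal(IIdentity identity, IEnumerable<string> roles)
    {
        Identity = identity ?? throw new ArgumentNullException(nameof(identity));
        _granted = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        foreach (var role in (roles ?? Enumerable.Empty<string>()).Where(r => r != null))
        {
            _granted.Add(role);
            // Unknown roles grant nothing beyond their own name (deny by default).
            if (RolePermissions.TryGetValue(role, out var perms))
                _granted.UnionWith(perms);
        }
    }

    // Unauthenticated identities never pass a role check.
    public bool IsInRole(string role) =>
        Identity.IsAuthenticated && role != null && _granted.Contains(role);
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample users.
        var admin = new PermissionPrincipal(new GenericIdentity("alice"), new[] { "Admin" });
        var guest = new PermissionPrincipal(new GenericIdentity("bob"), new[] { "Public" });
        Console.WriteLine(admin.IsInRole("CanDelete"));
        Console.WriteLine(guest.IsInRole("CanDelete"));
    }
}
```

With a principal like this in place, web.config allow/deny rules and code checks can name the granular permission rather than the wide role, and changing what "Admin" may do becomes an edit to the mapping instead of to every rule.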